Managing SMB File Sharing and Windows Interoperability in Oracle Solaris 11.1     Oracle Solaris 11.1 Information Library

Managing SMB Shares

You can add, view, and update SMB shares. A directory must exist before it can be shared. For more information about SMB shares, see SMB Shares.

Managing SMB Shares in This Release

The Oracle Solaris 11.1 OS further enhances the zfs command syntax to manage SMB and NFS shares and share properties on Oracle Solaris ZFS file systems. For information about the Oracle Solaris 11 command syntax, see Oracle Solaris Administration: SMB and Windows Interoperability and Oracle Solaris Administration: ZFS File Systems.

The Oracle Solaris 11 OS introduced a new method for sharing and managing SMB and NFS shares. The zfs command has been enhanced to manage shares and share properties on Oracle Solaris ZFS file systems. The zfs command now supports SMB and NFS sharing by means of the share, share.smb, and share.nfs properties.

The legacy sharemgr command is no longer available to manage SMB shares. Instead, use the enhanced zfs, share, and unshare commands. Also, the automatic sharing of SMB and NFS shares is managed by SMF rather than by the legacy /etc/dfs/dfstab file, which has been removed.

You can continue to use the legacy file-sharing method to manage shares on file servers that run previous versions of the Oracle Solaris OS. For information about the differences between the new and legacy file-sharing methods, see New ZFS Sharing and Legacy Share Command Summary in Oracle Solaris Administration: ZFS File Systems.

Managing SMB Shares (Task Map)

The following table points to the tasks that you can use to manage SMB shares.

| Task | Description | For Instructions |
|---|---|---|
| Enable cross-protocol locking. | Use the mount or the zfs create command to enable cross-protocol locking. These commands enable this locking by setting the nbmand option. | How to Enable Cross-Protocol Locking |
| Create an SMB share by using the ZFS file system's share property. | Use this procedure to make a dataset available to clients. | How to Create an SMB Share (zfs) |
| Enable guest access to an SMB share. | Use the zfs command to enable guest access for a specified share. These commands enable this feature by setting the guestok property. | How to Enable Guest Access to an SMB Share |
| Enable access-based enumeration (ABE) for an SMB share. | Use the zfs command to enable ABE filtering for a specified share. These commands enable this feature by setting the abe property to true. | How to Enable Access-Based Enumeration for a Share |
| Modify the properties of an SMB share by using the share command. | Use this procedure to change share property values. | How to Modify SMB Share Properties (zfs) |
| Remove an SMB share by using the unshare command. | When you remove a share, it can no longer be accessed by a system. If you are connected to the share when it is removed, the share is not removed until there are no more connections to that share. At that time, the share is removed. | How to Remove an SMB Share (zfs) |
| Create an autohome share rule. | Specify custom share rules for autohome shares. | How to Create a Specific Autohome Share Rule |
| Restrict host access to a share by using the ZFS file system share property. | Use this procedure to restrict access to a client host in one of the following ways: read-write access, read-only access, or no access. You might use this procedure if you are familiar with the ZFS file system sharenfs property. | How to Restrict Client Host Access to an SMB Share (zfs) |

How to Enable Cross-Protocol Locking

The SMB protocol assumes mandatory locking, but UNIX traditionally uses advisory locking. The Oracle Solaris OS can be configured to use mandatory locking on a per mount basis by using the non-blocking mandatory locking (nbmand) mount option.

When set, the nbmand mount option enforces mandatory cross-protocol share reservations and byte-range locking.

When the nbmand mount option is not set, the SMB server will enforce mandatory share reservations and byte-range locking internally for all SMB clients. However, without nbmand set, there is only limited coordination with NFS and local processes.

  1. Become an administrator.

    For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services.

  2. Set the nbmand mount option for an existing file system by doing one of the following:
    • Set the option by using the mount command.
      # mount -o nbmand=on pool/dataset

      For example, the following command sets the nbmand mount option for the ztank/myfs file system:

      # mount -o nbmand ztank/myfs
    • Set the option by using the zfs create command.

      When using the ZFS file system, you can also set the nbmand option when the file system is created, so that the file system uses nbmand automatically:

      # zfs create -o nbmand=on pool/dataset

      The following example combines the nbmand option with the mixed-case sensitivity option:

      # zfs create -o casesensitivity=mixed -o nbmand=on -o mountpoint=mntpt ztank/myfs

      Note - The casesensitivity property is set to mixed by default on ZFS file systems.


How to Create an SMB Share (zfs)

This procedure describes how to use the ZFS file system's share property to create ZFS shares on the SMB server.

You can also use the share command to create shares on various file system types. See the share(1M) man page.

To create an autohome share, you must have defined autohome rules. For more information, see How to Create a Specific Autohome Share Rule.

  1. Become an administrator, obtain the solaris.smf.value.shares and solaris.smf.manage.shares RBAC authorizations, or use the SMB Management RBAC profile.

    For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services.

  2. Create a ZFS pool and a mixed-case ZFS file system that supports cross-protocol locking.

    By default, ZFS file systems enable mixed-case mode.

    # zpool create pool vdev
    # zfs create -o nbmand=on pool/dataset

    A share name can include any alphanumeric characters, but not the characters listed here:

    " / \ [ ] : | + ; , ? * =
  3. Enable SMB sharing for the ZFS file system.

    To enable SMB sharing on the dataset, set the share.smb property to on.

    # zfs set share.smb=on pool/dataset

    To enable SMB sharing on individual named shares, first set share.smb=off on the dataset and then set share.smb=on on the individual shares.


    Note - The zfs command automatically constructs the default share name in the following circumstances:

    • When you create the dataset and set the share.smb property to on

    • When you create a share without specifying a name property value

    The share name is based on the name of the dataset mount point. Any characters that are illegal for share names are replaced by an underscore (_).


  4. (Optional) Create an SMB share that has non-default property values or an SMB share for a directory other than the mount point of the dataset.
    # zfs share -o share.smb=on pool/dataset%share-name

    Use the zfs command to set share properties. See the zfs(1M) man page.

    Share properties are stored as ZFS dataset properties, and the share ACL for each share is stored in the .zfs/shares directory of the dataset.

    Use the ls command to show the share-level ACLs on these entries. Use the chmod command to modify the share-level ACLs on the entries in this directory. See the ls(1) and chmod(1) man pages.

    For example, create the dataset and share:

    # zfs create -o mountpoint=/users tank/users
    # zfs share -o share.smb=on tank/users%ushare
  5. (Optional) Specify additional SMB share properties.

    For more information about SMB share properties, see SMB Share Properties, and the share_smb(1M), share(1M), and zfs(1M) man pages.

    The following command creates a new share with the client-side caching policy set to auto:

    # zfs create -o mountpoint=/admins tank/admins
    # zfs share -o share.smb=on -o share.smb.csc=auto tank/admins%ashare

    You can also add properties to existing shares. The following command sets the guest access policy of the share that was created by the previous command to true:

    # zfs set share.smb.guestok=on tank/admins%ashare
  6. Verify how the file system is shared.

    Use any of the following methods:

    • Use the zfs get command.
      # zfs get -r share.smb.all tank/admins%ashare
      NAME                PROPERTY                VALUE  SOURCE
      tank/admins%ashare  share.smb.abe           off    default
      tank/admins%ashare  share.smb.ad-container         default
      tank/admins%ashare  share.smb.catia         off    default
      tank/admins%ashare  share.smb.csc           auto   local
      tank/admins%ashare  share.smb.dfsroot       off    default
      tank/admins%ashare  share.smb.guestok       on     local
      tank/admins%ashare  share.smb.none                 default
      tank/admins%ashare  share.smb.ro                   default
      tank/admins%ashare  share.smb.rw                   default
    • Use the share command.
      # share
      ashare  /admins  smb     csc=auto,guestok=true
    • View the /etc/dfs/sharetab file.
      # cat /etc/dfs/sharetab
      /admins ashare smb guestok,csc=auto

Example 3-3 Inherited SMB Sharing for ZFS File Systems in a Pool

 

For information about ZFS share property inheritance, see Sharing and Unsharing ZFS File Systems in Oracle Solaris 11.1 Administration: ZFS File Systems.

The following commands create a pool and enable SMB sharing for that pool. When you create the ZFS file systems in that pool, the file systems inherit SMB sharing.

# zpool create -O share.smb=on sandbox c8t3d0
# zfs create -o nbmand=on sandbox/fs1
# zfs create -o nbmand=on sandbox/fs2
# zfs get -r share.smb sandbox
NAME          PROPERTY   VALUE  SOURCE
sandbox       share.smb  on     local
sandbox%      share.smb  on     inherited from sandbox
sandbox/fs1   share.smb  on     inherited from sandbox
sandbox/fs1%  share.smb  on     inherited from sandbox
sandbox/fs2   share.smb  on     inherited from sandbox
sandbox/fs2%  share.smb  on     inherited from sandbox

Example 3-4 SMB Sharing for a ZFS File System

The following commands create a ZFS pool and a mixed-case file system that supports cross-protocol locking and SMB sharing:

# zpool create sandbox c0t3d0
# zfs create -o share.smb=on -o nbmand=on sandbox/fs1

The ZFS file system constructs the share name based on the dataset mount point when the share is created by setting share.smb=on. Any illegal characters in the share name are replaced by an underscore (_). In this example, the share name sandbox_fs1 is based on the dataset mount point sandbox/fs1.

The zfs get -r share.smb command lists all shares that are defined on a mounted file system.

# zfs get -r share.smb sandbox/fs1
NAME          PROPERTY   VALUE  SOURCE
sandbox/fs1   share.smb  on     local
sandbox/fs1%  share.smb  on     inherited from sandbox/fs1

You can also view the list of active shares on the system from the /etc/dfs/sharetab file.

The zfs get command shows a subset of the share properties:

# zfs get share.smb.all sandbox/fs1%
NAME          PROPERTY                VALUE  SOURCE
sandbox/fs1%  share.smb.abe           off    default
sandbox/fs1%  share.smb.ad-container         default
sandbox/fs1%  share.smb.catia         off    default
sandbox/fs1%  share.smb.csc                  default
sandbox/fs1%  share.smb.dfsroot       off    default
sandbox/fs1%  share.smb.guestok       off    default
sandbox/fs1%  share.smb.none                 default
sandbox/fs1%  share.smb.ro                   default
sandbox/fs1%  share.smb.rw                   default

To view the local and inherited share properties, use the following command:

# zfs get -rs local,inherited -e share.smb.all sandbox
NAME                 PROPERTY           VALUE      SOURCE
sandbox/fs1          share.smb.guestok  on         local
sandbox/fs1%         share.smb.guestok  on         inherited from sandbox/fs1
sandbox/fs2          share.smb.guestok  on         local
sandbox/fs2          share.smb.ro       otherhost  local
sandbox/fs2          share.smb.rw       myhost     local
sandbox/fs2%myshare  share.smb.guestok  on         inherited from sandbox/fs2
sandbox/fs2%myshare  share.smb.ro       otherhost  inherited from sandbox/fs2
sandbox/fs2%myshare  share.smb.rw       myhost     inherited from sandbox/fs2

To view all the share properties, use the following command:

# zfs get share.all sandbox/fs1%
NAME          PROPERTY         VALUE         SOURCE
sandbox/fs1%  share.desc                     default
sandbox/fs1%  share.name       sandbox_fs1   -
sandbox/fs1%  share.nfs        off           default
sandbox/fs1%  share.nfs.*      ...           default
sandbox/fs1%  share.path                     default
sandbox/fs1%  share.point      /sandbox/fs1  -
sandbox/fs1%  share.protocols  smb           inherited from sandbox/fs1
sandbox/fs1%  share.smb        on            inherited from sandbox/fs1
sandbox/fs1%  share.smb.*      ...           default
sandbox/fs1%  share.state      shared        -

A property value of ... can be expanded further. For example, you can view the share.smb.* properties by using the following command:

# zfs get share.smb.all sandbox/fs1%
NAME          PROPERTY                VALUE         SOURCE
sandbox/fs1%  share.smb.abe           off           default
sandbox/fs1%  share.smb.ad-container                default
sandbox/fs1%  share.smb.catia         off           default
sandbox/fs1%  share.smb.csc                         default
sandbox/fs1%  share.smb.dfsroot       off           default
sandbox/fs1%  share.smb.guestok       off           default
sandbox/fs1%  share.smb.none                        default
sandbox/fs1%  share.smb.ro                          default
sandbox/fs1%  share.smb.rw                          default

You can also view both the global share properties and the SMB properties by using the following command:

# zfs get share.all,share.smb.all sandbox/fs1%
NAME          PROPERTY                VALUE         SOURCE
sandbox/fs1%  share.desc                            default
sandbox/fs1%  share.name              sandbox_fs1   -
sandbox/fs1%  share.nfs               off           default
sandbox/fs1%  share.nfs.*             ...           default
sandbox/fs1%  share.path                            default
sandbox/fs1%  share.point             /sandbox/fs1  -
sandbox/fs1%  share.protocols         smb           inherited from sandbox/fs1
sandbox/fs1%  share.smb               on            inherited from sandbox/fs1
sandbox/fs1%  share.smb.*             ...           default
sandbox/fs1%  share.state             shared        -
sandbox/fs1%  share.smb.abe           off           default
sandbox/fs1%  share.smb.ad-container                default
sandbox/fs1%  share.smb.catia         off           default
sandbox/fs1%  share.smb.csc                         default
sandbox/fs1%  share.smb.dfsroot       off           default
sandbox/fs1%  share.smb.guestok       off           default
sandbox/fs1%  share.smb.none                        default
sandbox/fs1%  share.smb.ro                          default
sandbox/fs1%  share.smb.rw                          default

The following commands create another file system in the sandbox pool called fs2, associate the file system with the myshare share name, and enable SMB sharing:

# zfs create -o nbmand=on sandbox/fs2
# zfs share -o share.smb=on sandbox/fs2%myshare

You can use the zfs get command to view the share.smb and share property values for the sandbox pool.

# zfs get -r share.smb sandbox
NAME                 PROPERTY   VALUE  SOURCE
sandbox              share.smb  off    default
sandbox/fs1          share.smb  on     local
sandbox/fs1%         share.smb  on     inherited from sandbox/fs1
sandbox/fs2          share.smb  off    default
sandbox/fs2%myshare  share.smb  on     local

# zfs get -r share.smb.all sandbox
NAME                 PROPERTY                VALUE  SOURCE
sandbox              share.smb.abe           off    default
sandbox              share.smb.ad-container         default
sandbox              share.smb.catia         off    default
sandbox              share.smb.csc                  default
sandbox              share.smb.guestok       off    default
sandbox              share.smb.none                 default
sandbox              share.smb.ro                   default
sandbox              share.smb.rw                   default
sandbox/fs1          share.smb.abe           off    default
sandbox/fs1          share.smb.ad-container         default
sandbox/fs1          share.smb.catia         off    default
sandbox/fs1          share.smb.csc                  default
sandbox/fs1          share.smb.guestok       off    default
sandbox/fs1          share.smb.none                 default
sandbox/fs1          share.smb.ro                   default
sandbox/fs1          share.smb.rw                   default
sandbox/fs1%         share.smb.abe           off    default
sandbox/fs1%         share.smb.ad-container         default
sandbox/fs1%         share.smb.catia         off    default
sandbox/fs1%         share.smb.csc                  default
sandbox/fs1%         share.smb.dfsroot       off    default
sandbox/fs1%         share.smb.guestok       off    default
sandbox/fs1%         share.smb.none                 default
sandbox/fs1%         share.smb.ro                   default
sandbox/fs1%         share.smb.rw                   default
sandbox/fs2          share.smb.abe           off    default
sandbox/fs2          share.smb.ad-container         default
sandbox/fs2          share.smb.catia         off    default
sandbox/fs2          share.smb.csc                  default
sandbox/fs2          share.smb.guestok       off    default
sandbox/fs2          share.smb.none                 default
sandbox/fs2          share.smb.ro                   default
sandbox/fs2          share.smb.rw                   default
sandbox/fs2%myshare  share.smb.abe           off    default
sandbox/fs2%myshare  share.smb.ad-container         default
sandbox/fs2%myshare  share.smb.catia         off    default
sandbox/fs2%myshare  share.smb.csc                  default
sandbox/fs2%myshare  share.smb.dfsroot       off    default
sandbox/fs2%myshare  share.smb.guestok       off    default
sandbox/fs2%myshare  share.smb.none                 default
sandbox/fs2%myshare  share.smb.ro                   default
sandbox/fs2%myshare  share.smb.rw                   default

You can also see the list of all active shares on the system by viewing the /etc/dfs/sharetab file.

The following command creates a child file system of sandbox/fs2 called sandbox/fs2/fs2_sub1:

# zfs create sandbox/fs2/fs2_sub1

The following command creates a child file system of sandbox/fs1 called sandbox/fs1/fs1_sub1. This new file system inherits the share.smb property from its parent, sandbox/fs1, which causes a new default share to be created.

# zfs create -o nbmand=on sandbox/fs1/fs1_sub1
# zfs get -r share.smb sandbox
NAME                   PROPERTY   VALUE  SOURCE
sandbox                share.smb  off    default
sandbox/fs1            share.smb  on     local
sandbox/fs1%           share.smb  on     inherited from sandbox/fs1
sandbox/fs1/fs1_sub1   share.smb  on     inherited from sandbox/fs1
sandbox/fs1/fs1_sub1%  share.smb  on     inherited from sandbox/fs1
sandbox/fs2            share.smb  off    default
sandbox/fs2%myshare    share.smb  on     local
sandbox/fs2/fs2_sub1   share.smb  off    default

# cat /etc/dfs/sharetab
/sandbox/fs2              myshare                   smb     -
/sandbox/fs1              sandbox_fs1               smb     -
/sandbox/fs1/fs1_sub1     sandbox_fs1_fs1_sub1      smb     -

If you disable SMB sharing for sandbox/fs1, that file system and its children are affected.

# zfs set share.smb=off sandbox/fs1
# zfs get -r share.smb sandbox
NAME                  PROPERTY   VALUE  SOURCE
sandbox               share.smb  off    default
sandbox/fs1           share.smb  off    local
sandbox/fs1/fs1_sub1  share.smb  off    inherited from sandbox/fs1
sandbox/fs2           share.smb  off    default
sandbox/fs2%myshare   share.smb  on     local
sandbox/fs2/fs2_sub1  share.smb  off    default

# cat /etc/dfs/sharetab | grep sandbox
/sandbox/fs2      myshare smb     -

Note that disabling the share.smb property only unpublishes the shares but does not remove the share definitions. The /etc/dfs/sharetab file shows that only the myshare share is still published, while the sandbox_fs1 and sandbox_fs1_fs1_sub1 shares still exist but are no longer published.

Example 3-5 Using ls and chmod to Manage SMB Share-Level ACLs

The following example shows how to view the share-level ACLs on SMB shares in the .zfs/shares directory. This example also shows how to use the chmod command to modify the ACLs on these shares. Finally, the example shows how to verify that the ACL has been correctly updated by using the ls command. For more information about using the chmod command to modify ACLs, see the chmod(1) man page.

This example shows how you can manage share ACLs on an Oracle Solaris system. However, it is best practice to use Windows utilities to manage share ACLs.

The ACLs are stored on resources located in the .zfs/shares subdirectory in the root of the shared file system. In this example, the shared file system is /zpool/cosmos and one resource, pluto, is stored in the .zfs/shares directory for this file system.

After changing to the /zpool/cosmos/.zfs/shares directory, you can use the ls -lv command to view the ACL information on the resources in that directory.

# cd /zpool/cosmos/.zfs/shares
# ls -lv
total 2
----------+  1 root     root           0 Feb  8 18:35 pluto
     0:everyone@:read_data/write_data/append_data/read_xattr/write_xattr
         /execute/delete_child/read_attributes/write_attributes/delete
         /read_acl/write_acl/write_owner/synchronize:allow

The ls -lv output shows that the pluto resource is owned by the root user and the root group. The everyone ACL entry covers all other users who are not the root user or part of the root group. The everyone ACL entry shows that everyone has all access privileges, which is the default.

Next, use the chmod command to add a user, terry, who only has read access to the pluto resource. After running the chmod command, the ls -lv command shows you the new ACL entry for user terry. Note that the ACL entry for everyone is unchanged.

# chmod A+user:terry:read_data/read_xattr/read_attributes/read_acl:allow pluto
# ls -lv
total 2
-rwxrwxrwx+  1 root     root           0 Feb  8 18:35 pluto
     0:user:terry:read_data/read_xattr/read_attributes/read_acl:allow
     1:everyone@:read_data/write_data/append_data/read_xattr/write_xattr
         /execute/delete_child/read_attributes/write_attributes/delete
         /read_acl/write_acl/write_owner/synchronize:allow

Use the chmod command to modify the ACL entry for user terry to permit all access privileges. Now, the ls -lv command shows that the ACL entry for user terry has been updated to have all access privileges.

# chmod A0=user:terry:read_data/write_data/append_data/read_xattr/\
write_xattr/execute/delete_child/read_attributes/write_attributes/delete/\
read_acl/write_acl/write_owner/synchronize:allow pluto
# ls -lv
total 2
-rwxrwxrwx+  1 root     root           0 Feb  8 18:35 pluto
     0:user:terry:read_data/write_data/append_data/read_xattr/write_xattr
         /execute/delete_child/read_attributes/write_attributes/delete
         /read_acl/write_acl/write_owner/synchronize:allow
     1:everyone@:read_data/write_data/append_data/read_xattr/write_xattr
         /execute/delete_child/read_attributes/write_attributes/delete
         /read_acl/write_acl/write_owner/synchronize:allow
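
Because each share resource starts with an everyone@ entry that allows all access, it helps to check which resources under .zfs/shares still carry that default. The following sh/awk sketch is an added example, not part of the Oracle documentation: it parses ls -lv output in the format shown above, rejoins the wrapped permission lines, and reports resources whose everyone@ allow entry includes write, delete, or ACL-changing permissions. The function names, the set of permissions treated as sensitive, and the saturn sample resource are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report share resources whose everyone@ ACL entry allows
# write, delete, or ACL/owner changes. Input is `ls -lv` output as shown above.

audit_share_acl() {
    awk '
    BEGIN {
        # Permissions treated as sensitive here (an assumption of this example).
        k = split("write_data append_data delete delete_child write_acl write_owner", r, " ")
        for (i = 1; i <= k; i++) risky[r[i]] = 1
    }
    # Evaluate the ACL entry collected so far, then reset it.
    # Entry layout: index:who:perm/perm/...[:inheritance]:allow|deny
    function emit(   n, m, i, parts, p, hit) {
        if (ace == "") return
        n = split(ace, parts, ":")
        if (parts[2] == "everyone@" && parts[n] == "allow") {
            m = split(parts[3], p, "/")
            hit = ""
            for (i = 1; i <= m; i++)
                if (p[i] in risky)
                    hit = hit (hit == "" ? "" : ",") p[i]
            if (hit != "")
                print file ": everyone@ allowed " hit
        }
        ace = ""
    }
    { line = $0; sub(/^[ \t]+/, "", line) }
    # A new ACL entry starts with its index, for example "1:everyone@:".
    line ~ /^[0-9]+:/ { emit(); ace = line; next }
    # Wrapped permission lists continue on lines that start with "/".
    line ~ /^\// && ace != "" { ace = ace line; next }
    # Any other line ends the current entry.
    { emit() }
    # The long-listing line names the resource (names with spaces not handled).
    NF >= 9 && $1 ~ /^[-dl]/ { file = $NF }
    END { emit() }
    '
}

# Constructed sample input: pluto is copied from the example above,
# saturn is a made-up resource whose everyone@ entry is read-only.
sample_ls_lv() {
    cat <<'EOF'
total 4
-rwxrwxrwx+  1 root     root           0 Feb  8 18:35 pluto
     0:user:terry:read_data/read_xattr/read_attributes/read_acl:allow
     1:everyone@:read_data/write_data/append_data/read_xattr/write_xattr
         /execute/delete_child/read_attributes/write_attributes/delete
         /read_acl/write_acl/write_owner/synchronize:allow
-r--r--r--+  1 root     root           0 Feb  8 18:40 saturn
     0:everyone@:read_data/read_xattr/read_attributes/read_acl
         /synchronize:allow
EOF
}

# On a live system: (cd /zpool/cosmos/.zfs/shares && ls -lv) | audit_share_acl
sample_ls_lv | audit_share_acl
```

Only allow entries for everyone@ are reported; deny entries and entry ordering are not evaluated.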

How to Enable Guest Access to an SMB Share

When you have guest access to a share, you are permitted access to the share even if you are not a regular user of the system. You do not need to present credentials for authentication to gain access to that share.

The SMB server uses the guestok share property to specify whether guest access is permitted for a given share. If guestok is set to true, guest access is enabled. However, if guestok is not defined or is set to false, guest access is disabled. By default, guest access is disabled.

This procedure shows how to use the zfs command to enable guest access, but you can also use the share command for other file system types. See the share(1M) man page.

  1. Become an administrator, obtain the solaris.smf.value.shares and solaris.smf.manage.shares RBAC authorizations, or use the SMB Management RBAC profile.

    For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services.

  2. Enable guest access for a specified share.
    # zfs create -o mountpoint=/eng pool/eng
    # zfs share -o share.smb=on -o share.smb.guestok=on pool/eng%eshare

Example 3-6 Enabling Guest Access to an SMB Share

The following example uses the zfs command to enable guest access for the myshare share:

# zfs share -o share.smb=on -o share.smb.guestok=on tank/home%myshare

If you attempt a connection to an SMB server without an account name or a valid account, the request is interpreted as a guest connection. Such a connection is not authenticated unless the guest account has a password. Windows systems typically use a predefined local account called Guest to represent guest connections. Note that this account can be renamed. In the Oracle Solaris OS, you can define an idmap name-based rule to map the Guest Windows user to any local Oracle Solaris user name, such as guest or nobody.

The following command creates a name-based mapping between the Windows user, Guest, and the Oracle Solaris user, guest:

# idmap add winname:Guest unixuser:guest

If the local account has an SMB password in the /var/smb/smbpasswd file, the guest connection is authenticated against that password. Any connection over SMB that is made by using an account that maps to the local guest account is designated as a guest connection. In the absence of an idmap rule for Guest, an ephemeral ID is generated for this Windows account by the idmap service.
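
Since a share with guestok enabled accepts connections without credentials, it is worth listing which shares on a pool have it set and whether a host access list also applies. The following sh/awk sketch is an added example, not part of the Oracle documentation: it reads the NAME/PROPERTY/VALUE/SOURCE table printed by zfs get -r share.smb.all, copes with blank VALUE columns and multi-word SOURCE values, and prints one line per share that permits guest access. The function names and the sample rows are constructed here, modeled on the output shown earlier in this chapter.

```shell
#!/bin/sh
# Added example: list SMB shares that permit guest access, based on the
# table printed by `zfs get -r share.smb.all <pool>`.

audit_guestok() {
    awk '
    # Skip the header, echoed prompt lines, and anything too short to be a row.
    $1 == "NAME" || $1 == "#" || NF < 3 { next }
    # Shares are the rows whose NAME contains "%"; plain datasets are skipped.
    index($1, "%") == 0 { next }
    {
        name = $1; prop = $2
        # An unset property prints a blank VALUE, so the row holds only
        # NAME PROPERTY SOURCE, and SOURCE may read "inherited from <dataset>".
        if (NF == 3 || ($3 == "inherited" && $4 == "from"))
            value = ""
        else
            value = $3
        if (!(name in seen)) { seen[name] = 1; order[++n] = name }
        if (prop == "share.smb.guestok" && (value == "on" || value == "true"))
            guest[name] = 1
        # A non-empty ro, rw, or none list means host access is restricted.
        if ((prop == "share.smb.ro" || prop == "share.smb.rw" ||
             prop == "share.smb.none") && value != "")
            limited[name] = 1
    }
    END {
        for (i = 1; i <= n; i++) {
            name = order[i]
            if (name in guest)
                printf "%s guestok=on hosts=%s\n", name,
                       (name in limited) ? "restricted" : "unrestricted"
        }
    }'
}

# Constructed sample input in the format shown in this chapter.
sample_zfs_get() {
    cat <<'EOF'
NAME                 PROPERTY           VALUE      SOURCE
tank/admins%ashare   share.smb.csc      auto       local
tank/admins%ashare   share.smb.guestok  on         local
tank/admins%ashare   share.smb.ro                  default
tank/admins%ashare   share.smb.rw                  default
sandbox/fs1%         share.smb.guestok  off        default
sandbox/fs1%         share.smb.rw                  default
sandbox/fs2          share.smb.guestok  on         local
sandbox/fs2%myshare  share.smb.guestok  on         inherited from sandbox/fs2
sandbox/fs2%myshare  share.smb.ro       otherhost  inherited from sandbox/fs2
sandbox/fs2%myshare  share.smb.rw       myhost     inherited from sandbox/fs2
EOF
}

# On a live system: zfs get -r share.smb.all sandbox | audit_guestok
sample_zfs_get | audit_guestok
```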

How to Enable Access-Based Enumeration for a Share

The access-based enumeration (ABE) feature filters directory content based on the access granted to the user who is browsing the directory. This feature is compatible with the Windows ABE feature.

When ABE filtering is enabled, you see only the files and directories to which you have access. This behavior has benefits such as the following:

ABE filtering is managed on a per-share basis by using the zfs command to set the Boolean abe property. See the zfs(1M) man page.

ABE filtering is also supported on autohome shares. See the smbautohome(4) man page.


Note - With ABE filtering enabled, you still might see files in a directory listing that you cannot open. For example, if you have the ability to read the attributes of a file, ABE filtering shows the file in the directory listing, but you will be denied access if you attempt to open the file for reading or writing. Also, user privileges might result in files being shown, even though the ACL appears to deny all access.


When abe=true, ABE filtering is enabled on the share. Any directory entries to which you have no access are omitted from directory listings. When abe=false or is not defined, ABE filtering is not performed on the share. By default, the abe property is not defined.

This procedure shows how to use the zfs command to enable ABE filtering for a share, but you can also use the share command for other file system types. See the share(1M) man page.

  1. Become an administrator, obtain the solaris.smf.value.shares and solaris.smf.manage.shares RBAC authorizations, or use the SMB Management RBAC profile.

    For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services.

  2. Enable ABE filtering for a specified share.
    # zfs share -o share.smb=on -o share.smb.abe=on pool/dataset%share-name

    For example, the following command enables ABE filtering for the new myshare share:

    # zfs create tank/home
    # zfs share -o share.smb=on -o share.smb.abe=on tank/home%myshare

How to Modify SMB Share Properties (zfs)

Use this procedure to change properties on a share.

This procedure shows how to use the zfs command to modify share properties, but you can also use the share command for other file system types. See the share(1M) man page.

  1. Become an administrator, obtain the solaris.smf.value.shares and solaris.smf.manage.shares RBAC authorizations, or use the SMB Management RBAC profile.

    For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services.

  2. View the existing share.
    # zfs get share.all,share.smb.all tank/home%home
    NAME            PROPERTY                VALUE       SOURCE
    tank/home%home  share.desc                          default
    tank/home%home  share.name              home        -
    tank/home%home  share.nfs               off         default
    tank/home%home  share.nfs.*             ...         default
    tank/home%home  share.path                          default
    tank/home%home  share.point             /tank/home  -
    tank/home%home  share.protocols         smb         local
    tank/home%home  share.smb               on          local
    tank/home%home  share.smb.*             ...         default
    tank/home%home  share.state             shared      -
    tank/home%home  share.smb.abe           off         default
    tank/home%home  share.smb.ad-container              default
    tank/home%home  share.smb.catia         off         default
    tank/home%home  share.smb.csc                       default
    tank/home%home  share.smb.dfsroot       off         default
    tank/home%home  share.smb.guestok       off         default
    tank/home%home  share.smb.none                      default
    tank/home%home  share.smb.ro                        default
    tank/home%home  share.smb.rw                        default
  3. Modify the SMB share properties.

    For example, first change the guestok property to false.

    # zfs set share.smb.guestok=off tank/home

    Then, change the value of the csc property from auto to disabled.

    # zfs set share.smb.csc=disabled tank/home

How to Remove an SMB Share (zfs)

This procedure describes how to remove an SMB share. When you remove an SMB share, the definition of the share is removed from the server. You can re-create the share with the zfs command.

This procedure shows how to use the zfs command to remove a share, but you can also use the unshare command for other file system types. See the unshare(1M) man page.

  1. Become an administrator, obtain the solaris.smf.value.shares and solaris.smf.manage.shares RBAC authorizations, or use the SMB Management RBAC profile.

    For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services.

  2. Remove an SMB share.
    # zfs destroy pool/dataset%share-name

    For example, the following command removes the sales_share1 share from the tank/sales dataset:

    # zfs destroy tank/sales%share_sales1

How to Create a Specific Autohome Share Rule

The autohome share feature eliminates the administrative task of defining and maintaining home directory shares for each user that accesses the system through the SMB protocol. The system creates autohome shares when a user logs in, and removes them when the user logs out. This procedure describes how to configure autohome shares by adding rules to a configuration file.

For information about the smbautohome format, see SMB Autohome Entries and the smbautohome(4) man page.

  1. Become an administrator, obtain the solaris.smf.value.shares and solaris.smf.manage.shares RBAC authorizations, or use the SMB Management RBAC profile.

    For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services.

  2. Edit the /etc/smbautohome file.

    An autohome entry must be on a single line in the following format:

    key    location [container]
    1. Specify the user name in the key field.

      Usually this field is a user name, but it can also be one of the following:

      • +nsswitch – Uses the naming service to match users to home directories if no rule matches.

      • Asterisk (*) – Matches a user name to a home directory that uses the same name.

    2. Specify the location of the user's home directory in the location field.

      Specify the absolute path excluding the user name, or use one of the following substitution characters:

      • Question mark (?) – Substitutes for the first character of the user name.

      • Ampersand (&) – Substitutes for a complete user name.

      For example, the following rule maps to /home/a/amy:

      amy             /home/?/&

      For more information about the path, see SMB Autohome Shares.
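The rule matching described in this procedure can be previewed before the file is deployed. The following shell functions are an added example, not part of the Oracle documentation or the SMB server's own code: resolve_autohome and expand_location are hypothetical names, the rules are a constructed sample, and preferring an exact key over the asterisk is an assumption.

```shell
# Constructed sample rules in "key location [container]" form (not a real config).
SAMPLE_RULES='amy     /home/?/&
*       /export/home/&
+nsswitch'

# expand_location LOCATION USER: apply the ? and & substitution characters.
# Characters are copied one by one because "&" is special in awk/sed replacements.
expand_location() {
    printf '%s\n' "$1" | awk -v u="$2" '{
        out = ""
        for (i = 1; i <= length($0); i++) {
            c = substr($0, i, 1)
            if (c == "?")      out = out substr(u, 1, 1)
            else if (c == "&") out = out u
            else               out = out c
        }
        print out
    }'
}

# resolve_autohome RULES USER: print the directory USER would be mapped to,
# "nsswitch" when only the +nsswitch fallback applies, or return 1 if nothing
# applies. Assumption: an exact key is preferred over the * wildcard.
resolve_autohome() {
    exact='' wild='' ns=''
    while read -r key loc _container; do
        case $key in
            ''|'#'*)   continue ;;              # blank line or comment
            +nsswitch) ns=yes; continue ;;
        esac
        case $loc in
            /*) ;;
            *)  echo "rule '$key' skipped: location is not absolute" >&2
                continue ;;
        esac
        if   [ "$key" = "$2" ] && [ -z "$exact" ]; then exact=$loc
        elif [ "$key" = "*" ]  && [ -z "$wild" ];  then wild=$loc
        fi
    done <<EOF
$1
EOF
    if   [ -n "$exact" ]; then expand_location "$exact" "$2"
    elif [ -n "$wild" ];  then expand_location "$wild" "$2"
    elif [ -n "$ns" ];    then echo nsswitch
    else return 1
    fi
}

resolve_autohome "$SAMPLE_RULES" amy
```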

How to Restrict Client Host Access to an SMB Share (zfs)

This procedure describes how to use the ZFS file system's share property to restrict access to a share based on a client's host address. This feature is known as host-based access control.

For more information about the access control mechanisms that are used for shares, see SMB Share Access Control.

This procedure shows how to use the zfs command to restrict client host access, but you can also use the share command for other file system types. See the share(1M) man page.

A client host is permitted to have only one of the following types of access to a share:

For information about access lists, see the share_smb(1M) man page.

  1. Become an administrator, obtain the solaris.smf.value.shares and solaris.smf.manage.shares RBAC authorizations, or use the SMB Management RBAC profile.

    For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services.

  2. Determine the type of access you want to grant for each client host.
  3. Restrict access by particular hosts to a share.
    # zfs share -o share.smb=on -o share.smb.ro=hostname[:hostname] pool/dataset%share-name
    # zfs share -o share.smb=on -o share.smb.rw=hostname[:hostname] pool/dataset%share-name
    # zfs share -o share.smb=on -o share.smb.none="" pool/dataset%share-name

    hostname
        A host name, a netgroup, or an IP address

    pool/dataset%share-name
        Name of the dataset and share being shared

    You can specify the host access policy by combining the access settings in a single command. For example, the following command specifies how particular hosts can access the acme.sales.logs share. The mercury and venus hosts have read-write access, mars has read-only access, and neptune has no access.

    # zfs share -o share.smb=on -o share.smb.rw=mercury:venus,ro=mars,none=neptune \
    tank/sales/logs%acme.sales.logs
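
To review the properties set in the preceding procedures (guest access, ABE filtering, and host access lists), the following shell function parses a listing in the layout that zfs get share.all,share.smb.all prints in How to Modify SMB Share Properties (zfs). It is an added example, not Oracle's code; audit_smb_share is a hypothetical name and the listing values are constructed.

```shell
# Rows in the column layout of the "zfs get share.all,share.smb.all" listing;
# the values are constructed for this example.
SAMPLE_GET='NAME            PROPERTY                VALUE       SOURCE
tank/home%home  share.smb               on          local
tank/home%home  share.smb.abe           off         default
tank/home%home  share.smb.guestok       on          local
tank/home%home  share.smb.none                      default
tank/home%home  share.smb.ro                        default
tank/home%home  share.smb.rw                        default'

# audit_smb_share LISTING: print one finding per line for a single share.
# On a live system, LISTING would be the output of the zfs get command.
audit_smb_share() {
    printf '%s\n' "$1" | awk '
        $1 == "NAME" { next }             # skip the header row
        {
            # An unset property has an empty VALUE column, so the row has
            # three fields (name, property, source) instead of four.
            prop[$2] = (NF >= 4) ? $3 : ""
            share = $1
        }
        END {
            if (prop["share.smb"] != "on") {
                print share ": not shared over SMB"
                exit
            }
            if (prop["share.smb.guestok"] == "on")
                print share ": guest access is enabled"
            if (prop["share.smb.abe"] != "on")
                print share ": ABE filtering is not enabled"
            # Concatenate the three access lists; empty means none is set.
            hosts = prop["share.smb.ro"] prop["share.smb.rw"] prop["share.smb.none"]
            if (hosts == "")
                print share ": no host-based access lists are set"
        }'
}

audit_smb_share "$SAMPLE_GET"
```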